Installing WAFFLE as a service. Client application can get request.RemoteUser

I have a situation wherein I need to install this Waffle-based application as a servlet. (Done, and hitting the servlet from a browser shows me the remoteUser. The URL is: http://localhost:8080/SimpleSSO/Servlet1) - deployed on JVM1.

There is another webapplicationWF which should send the user's request to http://localhost:8080/SimpleSSO/Servlet1, and in return get the remoteUser back from this servlet. Once I have this remoteUser, I can connect to LDAP etc. from my webapplicationWF and authorize him/her. - deployed on JVM2.

Is this possible? There are many reasons why I need to keep Waffle as a separate servlet-based webapp.

I tried newUrl(), but the Waffle servlet gives me back 401 Unauthorized. I tried httpget; it also gave me 401 Unauthorized. Basically, it looks like I cannot call this Waffle servlet from another webapp.

I thought of making Waffle a standalone service, to which multiple requestors on different JVMs can forward the request and get their remoteUser back, and then do their SSO. Is this possible at all? I'm also open to putting this Waffle service on the same JVM, which means I will have to install this Waffle service multiple times, once on each cluster and with each webapplicationWF.

BACKGROUND:

Scenario 1:

webapplicationWF (without the Waffle Negotiate filter) is a J2EE webapp. It has logic and some webservices written in Apache Axis that are exposed from inside. It runs on Tomcat.

Clients: users use Internet Explorer, connect to this webapplicationWF from the intranet, enter login creds from index.jsp present inside webapplicationWF and get into this webapp. And other applications can call webservices hosted inside this webapplicationWF normally.

Scenario 2:

BUT when I configured Waffle as a filter in the webapplicationWF for /*, Negotiate is happening perfectly; the user from IE is able to log in to the webapp without having to enter a user name and password. (I use the request.remote user and authenticate from LDAP.) But unfortunately, when other applications (webapp2) want to call the webservices hosted inside webapplicationWF, webapp2 fails to get access, with a 401 Unauthorized error.

If you want to call a web service hosted inside an application that's behind Negotiate (Waffle) from a client, you need to implement the Negotiate protocol in this client. You can do this with Waffle, this
is a similar discussion.
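
The exchange this answer refers to, as an added example that is not part of the original posts and not WAFFLE code: a plain GET to a Negotiate-protected URL receives a 401 carrying `WWW-Authenticate: Negotiate`, which is the first leg of the handshake, and the caller has to retry with `Authorization: Negotiate <token>`. The function names and sample headers are constructed for illustration.

```python
import base64

SPNEGO_OID = bytes.fromhex("06062b0601050502")  # DER encoding of OID 1.3.6.1.5.5.2

def negotiate_challenge(status, headers):
    """Return None if there is no Negotiate challenge, else the server token ('' on the first leg)."""
    if status != 401:
        return None
    for name, value in headers:
        parts = value.split()
        if name.lower() == "www-authenticate" and parts and parts[0].lower() == "negotiate":
            return parts[1] if len(parts) > 1 else ""
    return None

def token_kind(authorization):
    """Classify the token a client sent in its Authorization header."""
    scheme, _, b64 = (authorization or "").partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "missing"
    try:
        raw = base64.b64decode(b64.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return "invalid"
    if raw.startswith(b"NTLMSSP\x00"):
        return "ntlm"      # raw NTLM message carried under the Negotiate scheme
    if raw[:1] == b"\x60" and SPNEGO_OID in raw[:16]:
        return "spnego"    # GSS-API wrapped SPNEGO NegTokenInit
    return "unknown"

def next_step(status, headers, sent_authorization=None):
    """Decide what the calling client has to do with this response."""
    if status != 401:
        return "done"
    server_token = negotiate_challenge(status, headers)
    if server_token is None:
        return "not-negotiate"
    if token_kind(sent_authorization) == "missing":
        return "send-token"  # what a plain URL fetch or HTTP GET never does
    return "continue" if server_token else "rejected"

# Constructed sample data, not captured from a real server.
FIRST_401 = (401, [("WWW-Authenticate", "Negotiate"), ("WWW-Authenticate", "NTLM")])
NTLM_TYPE1 = "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()
SPNEGO_INIT = "Negotiate " + base64.b64encode(b"\x60\x0a" + SPNEGO_OID + b"\xa0\x00").decode()
```
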

Well, it won't work on *nix. Waffle is Windows-only and assumes you're on a Windows machine joined to a domain. On *nix you will have to do something different, such as Basic auth. If it's still unclear, write a very simple description of your scenario, again. -dB.

Users (people) will use Windows (specifically Internet Explorer) to connect to these webapps, and would require SSO. And, as you said, will be joined to a domain.

The catch here is that webapp2, which is a caller to the Waffle-enabled webapp, will also reside on *nix, and the Windows users (people) will, say, click a button to call the webservice of the webapp on *nix which is behind Waffle.